The Best Hacking Books 2018

By Hacking Tutorials on February 2, 2018 Hacking Books

One of the most frequently asked questions since I started this blog is whether I can recommend some good hacking books for beginners and more experienced hackers and penetration testers. In this article I want to highlight some hacking and InfoSec books that I personally liked and that cover subjects such as ethical hacking, penetration testing, web application penetration testing and other InfoSec-related subjects. In addition to college degrees, certifications, hacking courses, taking up challenges and practical training, books are an invaluable source of information to keep your knowledge up to date and acquire new skills. Whether you’re a beginner in the field of InfoSec or a seasoned professional, mastery of new skills will open up many doors and allow you to progress in your career faster.

The secret of becoming a (better) penetration tester, bug bounty hunter or IT professional is to focus not only on penetration testing books but also to read books on related subjects such as networking, programming, exploit development, web applications, network security monitoring and other IT subjects. Having at least a little theoretical knowledge about these subjects helps you to look at information security from different angles and perspectives. For this reason I will not only list hacking books in this article but also books on related subjects that I deemed important enough to read. In my opinion every serious IT professional should be reading at least a book per month, and I hope that this article will help you discover your next InfoSec book to read.

Please note that the listing of the books is not a ranking but a mere overview of hacking books that I recommend to the Hacking Tutorials readers. I will update this article on a regular basis with new books. Would you like to see a specific book added to the list or even your own book? Please leave a comment below and I will add it to the list.

Finally, I have included Amazon affiliate links underneath each book review, which will generate a small commission for Hacking Tutorials when you buy the book through the link. If you prefer not to buy the book through these links, please browse to Amazon and use the search function to look up the book.

Penetration Testing: A Hands-On Introduction to Hacking


The first book I would like to recommend is a hacking book that has helped many people take their first steps into ethical hacking and penetration testing. Penetration Testing: A Hands-On Introduction to Hacking is written by Georgia Weidman and is a good book for anyone new to the subject, as it generally focuses on beginners. The author covers many different subjects, from setting up a lab to enumeration, exploitation, mobile hacking and a lot more. What I personally like about this book is that the author explains every step in the process in detail and also relates it to her wide experience in the field as a penetration tester. So if you’re new to penetration testing without prior experience, this book is a great place to start an exciting journey!

According to the author on Twitter, she’s currently writing an updated V2 version of this book; follow her for updates! While this book is still greatly appreciated by many (including me) and has helped many people take their first steps into the field of penetration testing, some parts of the book (including the URLs) are a bit outdated. If you’re fine with this, like us, make sure that you check the update section for this book on the author’s website. Otherwise I would recommend waiting until the updated V2 of this book is released.

The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws 2nd Edition

This fantastic web app hacking book is a must-read for anyone who is interested in web application penetration testing and covers everything you need to know about this subject. The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws 2nd Edition is written by the founder of Portswigger, which is the company behind the popular security testing & scanning tool called Burp Suite. This book teaches you step by step how to test the security of web applications from start to finish. One thing I particularly like about this book is that it explains different web technologies, how to exploit them and how to defend against each attack in particular. Furthermore, this book covers in depth the very basics a web application penetration tester needs to know, such as how the HTTP protocol works, in order to get a better understanding of communications between a web server and a visitor, which helps in understanding attacks and defense.

The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws

Advanced Penetration Testing: Hacking the world’s most secure networks

If you have read my blog before or follow me on Twitter, you will know that I’m a big fan of this book. In 2017 I read this book and wrote a book review article here on Hacking Tutorials. This book might not be the first book for beginners to read, although it puts everything you read about penetration testing in the right perspective. In this book the author covers complex attack simulation and Advanced Persistent Threat (APT) modelling featuring techniques that go way beyond using Metasploit and vulnerability scanners. It covers subjects such as social engineering, highly secured networks, malware, creating and setting up C2 servers and C&C structures and even advanced data exfiltration techniques. Each chapter describes APT modelling against an organization in a specific industry such as a hospital, pharmaceutical company or bank. The breakdown by industry also gives the reader a clear view of how specific industries have different assets to protect, how they are protected and by whom. Finally, the author is a very experienced penetration tester/red teamer, so the examples and context of the scenarios provided in the book come straight from the field. MUST READ!

Advanced Penetration Testing: Hacking the World’s Most Secure Networks

The Shellcoder’s Handbook: Discovering and Exploiting Security Holes 2nd Edition

Written by the ultimate group of top security experts, this book covers everything you need to know about how to find security holes in operating systems and applications. You’ll work with the basic building blocks of security bugs, assembler, source code, the stack, the heap, and so on. The prerequisites for this book are basic programming knowledge and an understanding of IT concepts, but in my opinion this is not enough. This book is expertly written without much introduction or basics, which makes it a pretty hard one to read and definitely not a joke. If you have a good understanding of programming concepts, x86, assembly and exploit development, and want to learn more about various types of advanced exploits like stack overflow, heap overflow and exploit development, Return Oriented Programming, fuzzing, ASLR/DEP handling and a lot more, this book is for you. If you have less technical knowledge and you’re a beginner on these subjects, you’ll probably end up researching a lot of this stuff as a side effect of reading this book (which is not a bad thing though!).

The Shellcoder’s Handbook: Discovering and Exploiting Security Holes

Red Team: How to Succeed By Thinking Like the Enemy


Red Team: How to Succeed By Thinking Like the Enemy is written by national security expert Micah Zenko. In this book the author provides in-depth information about the work of red teams, how they operate, the best practices and most common pitfalls, and effective applications of the modern-day Devil’s Advocates approach. At first you might be wondering why I list this book in a hacker/InfoSec book overview, as this book does not cover any technical subjects or red teaming tools. But once you’ve read this book, you will have learned how best practices of red teaming can yield impressive results by thinking like the enemy and considering alternate analysis to reveal weaknesses in systems and processes. What I also like about this book is that the author covers many business scenarios and shortcomings from his experience that anyone who has worked in mid-size or large organizations can relate to. The book also includes a lot of examples of effective and ineffective red teaming exercises and a clear lessons-learned review of these exercises. So if you’re looking for a great introduction to red teaming and you’re interested in the history of red teaming, the theory behind it, best practices and pitfalls, critical thinking and alternate analysis, and how to operate red teams, this book is a must-read.

Red Team: How to Succeed By Thinking Like the Enemy

Update: Some good advice from the author in response to this article:

Web Hacking 101

Web Hacking 101 is written by Peter Yaworski (with a foreword by HackerOne co-founders Michiel Prins and Jobert Abma) and explains common vulnerabilities found in web applications using publicly disclosed vulnerability reports from bug bounty programs. The book covers vulnerability reports on cross-site scripting (XSS), cross-site request forgery (CSRF), remote code execution (RCE) and many more vulnerability types. Each report is analysed by the author and includes details about the vulnerability, a clear description and the reward that was paid. With this book you won’t just learn about the vulnerabilities and how they were exploited but also their context, the impact and how to recognize them on your own bug bounty hunts. Finally, the book also provides an overview of bug bounty platforms, tools, blogs and some cheat sheets to get started with bug bounty hunting right away. The book is available at Leanpub.com for as low as $9.99, which is great value for the money.

Applied Network Security Monitoring: Collection, Detection and Analysis

Applied Network Security Monitoring is a great practical guide to Network Security Monitoring (NSM) that covers the subject from the ground up. This great book helps you to become an NSM analyst and teaches the key concepts of NSM accompanied by many practical tutorials and real-life examples. Applied Network Security Monitoring is one of the best books I’ve read on this subject so far. The authors of the book, Chris Sanders & Jason Smith, are very experienced in the field of Network Security Monitoring and also know how to teach it to others in a way that holds your attention and is easy to understand if you’re new to the subject. They almost make NSM look easy! The author also offers online courses and training on his website that are definitely worth checking out (see the training section on Chris Sanders’ website).

Finally, the book is divided into three primary sections (Collection, Detection, & Analysis) that take you through all stages of the NSM process. Each section contains practical examples and hands-on coverage of the tools needed, which makes it very easy to learn the practical side of NSM alongside reading the book. The book provides thorough hands-on coverage of Snort, Suricata, Bro-IDS, SiLK, PRADS, and many other tools.

Applied Network Security Monitoring: Collection, Detection, and Analysis

More Hacking Books

In the upcoming weeks I will update this article with new books I’ve read that I can recommend to hackers and pentesters. If you would like to suggest a specific book to read and review, please leave a comment so that I can look into it.

18 Comments

  1. Josh on February 17, 2018 8:12 am

    Hacking Exposed Web Applications 3

    • Hacking Tutorials on February 18, 2018 12:47 pm

      Thank you for your recommendation!

  2. Christian Roth on April 13, 2018 3:02 am

    Attacking Network Protocols: A Hacker’s Guide to Capture, Analysis, and Exploitation: https://www.amazon.com/Attacking-Network-Protocols-Analysis-Exploitation/dp/1593277504/
    The Tangled Web: A Guide to Securing Modern Web Applications: https://www.amazon.com/Tangled-Web-Securing-Modern-Applications/dp/1593273886/
    Network Security Assessment: Know Your Network: https://www.amazon.com/Network-Security-Assessment-Know-Your/dp/149191095X/

    In my opinion all excellent sources for Network and Webhacking.

    Tangled web is a good addition after reading the web application book!

  3. Anshul Prajapati on May 14, 2018 5:22 pm

    I have no book to recommend to you, but I am interested in studying more and more books related to hacking. Please update your article as soon as possible.

    • Mostafa on September 9, 2019 7:56 am

      Exactly, I agree with YOU …

  4. warren stearman on May 26, 2018 12:06 pm

    The Hacker Playbook 3

    • Hacking Tutorials on July 5, 2018 1:59 pm

      I’m currently reading this book and will add it to the list soon + a full review. Thanks for the recommendation!

  5. Acanthophis on August 30, 2018 7:09 pm

    Metasploit: The Penetration Tester’s Guide

  6. Eric on September 5, 2018 1:54 am

    Awesome post! I am in school right now for Network security and computer forensics, although I will say that I am way behind and not sure honestly if I could ever catch up. It’s a two year and I have no prior experience and am pretty old! But I appreciate sites like yours that give great advice and insight into ethical hacking. Just wish I would have started much much earlier.

    • Hacking Tutorials on September 10, 2018 9:34 am

      Great to read that you like the post so much! Just work hard and you will catch up!
      Good luck and you can always contact me on Twitter if you have questions related to the content (or just post them here).

      Best,
      Hacking Tutorials

  7. ajay on September 29, 2018 5:47 pm

    Thank you for your recommendation

  8. Mohamed on February 6, 2019 11:16 am

    Thanks for the information.
    Just want to ask:
    This is the first time for me to study hacking.
    Since computer science changes so fast, is it good to start from a book written in 2014?

    • Hacking Tutorials on February 6, 2019 6:00 pm

      Good question!

      As mentioned in the article some parts of the book are a bit outdated, especially when it comes to tools, but it’s still a great book that perfectly describes techniques and methodology.

      If you’re looking for more web app pentesting books Web Hacking 101 is more recent.

  9. Thasin on February 13, 2019 7:14 pm

    Any book about wifi and Internet hacking?

  10. Aayush on July 16, 2019 3:57 pm

    Yes, same as above comment. Do you know any books/courses for advanced WiFi cracking? I am intermediate level in which I can crack almost all WEP but not many WPA/WPA2 and I want to be able to consistently crack them. Thanks!

  11. Abhishek Mohanty on December 20, 2019 9:58 am

    Thanks a lot.
    This article is very helpful for the beginners.
    Now I’m in 11th.
    Completed 2 computer languages. So a bit interested in this field.
    I will surely read your recommended books.

  12. Haise on November 12, 2021 3:49 pm

    Hi, I have a question:
    Are these books still useful in 2021?

    • Hacking Tutorials on November 17, 2021 1:21 pm

      Hi, I think most of them are!
